If you allowed password based logins to your wiki, those passwords were
stored in cleartext in the userdb. To guard against exposing users'
- passwords, I recommend you install the Authen::Passphrase perl module, and
+ passwords, I recommend you install the [[cpan Authen::Passphrase]] perl module, and
then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all
existing cleartext passwords with strong (blowfish) hashes.
* Fix security hole that occurred if openid and passwordauth were both
enabled. passwordauth would allow logging in as a known openid, with an
empty password. Closes: #[483770](http://bugs.debian.org/483770)
+ (CVE-2008-0169)
* Add rel=nofollow to edit links. This may prevent some spiders from
pounding on the cgi following edit links.
* passwordauth: If Authen::Passphrase is installed, use it to store